CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
13951 CVE-2006-6940 Exec Code Overflow 2007-01-17 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA (pop2owa) 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message.
13952 CVE-2006-6926 Overflow 2007-01-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
13953 CVE-2006-6918 2007-01-11 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has unknown impact and attack vectors.
13954 CVE-2006-6917 Exec Code Overflow 2006-12-31 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.
13955 CVE-2006-6909 Exec Code Overflow 2006-12-31 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory listings with (1) long user names or (2) long group names.
13956 CVE-2006-6908 DoS Exec Code Overflow 2006-12-31 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors.
13957 CVE-2006-6907 2006-12-31 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown impact and attack vectors.
13958 CVE-2006-6905 2006-12-31 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Widcomm Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
13959 CVE-2006-6903 2006-12-31 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Toshiba Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
13960 CVE-2006-6902 2006-12-31 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
13961 CVE-2006-6901 2006-12-31 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Bluetooth stack in Microsoft Windows allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
13962 CVE-2006-6900 2006-12-31 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 has unknown impact and attack vectors, related to an "implementation bug."
13963 CVE-2006-6894 2006-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown impact and attack vectors, related to (1) "Placeholders in database handler" and (2) "Macro admin security."
13964 CVE-2006-6884 119 Exec Code Overflow 2006-12-31 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a different vulnerability than CVE-2006-5198.
13965 CVE-2006-6869 Dir. Trav. 2006-12-31 2017-10-18
9.3
Admin Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
13966 CVE-2006-6864 Exec Code File Inclusion 2006-12-31 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter.
13967 CVE-2006-6863 Exec Code File Inclusion 2006-12-31 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
** DISPUTED ** PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value.
13968 CVE-2006-6861 Exec Code Sql 2006-12-31 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp.
13969 CVE-2006-6860 Exec Code Overflow 2006-12-31 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information.
13970 CVE-2006-6859 Exec Code Sql 2006-12-31 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
13971 CVE-2006-6853 Exec Code Overflow 2006-12-31 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.
13972 CVE-2006-6841 2006-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.
13973 CVE-2006-6840 2006-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."
13974 CVE-2006-6839 2006-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."
13975 CVE-2006-6836 2006-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing.
13976 CVE-2006-6772 134 Exec Code 2006-12-27 2018-08-13
9.3
Admin Remote Medium Not required Complete Complete Complete
Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.
13977 CVE-2006-6767 DoS 2007-01-16 2017-07-28
9.4
None Remote Low Not required None Complete Complete
oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure.
13978 CVE-2006-6749 119 Overflow 2006-12-26 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the parse_expression function in parse_config in OpenSER 1.1.0 allows attackers to have an unknown impact via a long str parameter.
13979 CVE-2006-6745 +Priv 2006-12-26 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.
13980 CVE-2006-6731 Overflow 2006-12-26 2017-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information.
13981 CVE-2006-6713 Exec Code Overflow 2006-12-22 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allows remote attackers to execute arbitrary code via crafted LDAP requests.
13982 CVE-2006-6676 189 Exec Code Overflow 2006-12-20 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 Antivirus before 1.1743 allows remote attackers to execute arbitrary code via a crafted (1) .DOC or (2) .CAB file that triggers a heap-based buffer overflow.
13983 CVE-2006-6670 2006-12-20 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown impact and attack vectors, aka P-2006-0011-GLOBAL.
13984 CVE-2006-6652 119 Exec Code Overflow 2006-12-19 2018-10-17
9.0
Admin Remote Low Single system Complete Complete Complete
Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.
13985 CVE-2006-6636 2006-12-19 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors.
13986 CVE-2006-6627 Exec Code Overflow 2006-12-18 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability."
13987 CVE-2006-6605 Exec Code Overflow 2006-12-19 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command.
13988 CVE-2006-6603 Exec Code Overflow 2006-12-15 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information.
13989 CVE-2006-6584 DoS Exec Code Overflow 2006-12-15 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors.
13990 CVE-2006-6568 Dir. Trav. 2006-12-15 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the phpEx parameter.
13991 CVE-2006-6567 Exec Code File Inclusion 2006-12-15 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
13992 CVE-2006-6561 Exec Code Mem. Corr. 2006-12-14 2018-05-02
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
13993 CVE-2006-6539 DoS Exec Code Overflow 2006-12-13 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and earlier (1) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an (a) long username or a (b) crafted packet to the FindBasicAuth function in security.cpp, related to the /browse URI; and allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a long path string in the (2) Browse, (3) CControl::Download, and (4) CControl::Load functions, related to the file parameter in the /dl URI. NOTE: some of these details are obtained from third party information.
13994 CVE-2006-6535 2007-01-30 2017-10-10
9.4
None Remote Low Not required None Complete Complete
The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable.
13995 CVE-2006-6515 2006-12-13 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders.
13996 CVE-2006-6504 94 Exec Code Mem. Corr. 2006-12-19 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.
13997 CVE-2006-6490 Exec Code Overflow 2007-02-22 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.
13998 CVE-2006-6473 2006-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 have unknown impact and attack vectors, related to (1) an Immediate Image Overwrite (IIO) error message at the Local User Interface (LUI) if overwrite fails, (2) an IIO failure when a Held Job is deleted, and (3) an On Demand Image Overwrite failure when the overwrite is greater than 2 Gb.
13999 CVE-2006-6472 2006-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 configures port 443 to be always active, which has unknown impact and remote attack vectors.
14000 CVE-2006-6471 2006-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 use weak permissions for certain files, which allows unspecified file access.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.